Next year, these attacks will threaten your cybersecurity

By Arnab Mukherjee | Updated Dec 28 2016

In many ways, technology is not unlike the human body. Just as the diseases that attack the human body grow stronger as the body’s defences evolve, the threats that the world of technology faces grow stronger with each evolution that makes technology more secure. Even as 2016 draws to a close, we are already seeing cyber attacks that are far more advanced than what most of our systems are prepared for. And come 2017, these attacks have no plans of going away unless we take some necessary measures. With insights from Sunil Sharma, Vice President - Sales, Sophos India & SAARC, here are some of the most significant threats to cyber security in 2017.


IoT based destructive attacks will rise

The Mirai botnet attack has shown that security in IoT devices is no longer a topic that manufacturers can put on hold for the time being. The attackers had even revealed that the attack, which had brought multiple sections of the internet to a halt, was merely a dry run. And the techniques used in the attack weren’t too advanced and merely exploited the weakness of IoT security standards, or the lack of them. Expect IoT exploits, better password guessing and more compromised IoT devices being used for DDoS or perhaps to target other devices in your network.


Targeted social attacks

It’s not like these aren’t already happening. But with the increasing power of analysis tools and better social engineering techniques, you can expect to receive phishing emails that are highly personalised and contain information that only someone you personally know could write to you. With baits like this, phishing attacks will gain effectiveness as they won’t be making any obvious, easily identifiable mistakes.


Bank infrastructure attacks

Earlier this year, the Bangladesh Bank, the central bank of Bangladesh, faced the brunt of a SWIFT (Society for Worldwide Interbank Financial Telecommunication) based attack in which it lost about $63 million ($18 million of the original $81 million has been recovered). SWIFT recently admitted that there have been other such attacks and it expects to see more, stating in a leaked letter to client banks: "The threat is very persistent, adaptive and sophisticated – and it is here to stay".


Attacks on insecure internet infrastructure

The internet is inherently insecure. Most of the protocols that we still use are quite outdated, yet their ubiquity makes them hard to improve on or replace. And these protocols can sometimes fail disastrously. Take the Mirai botnet DDoS attack on Dyn in October mentioned earlier - at 1.2 terabits per second, this was the worst ever DDoS attack - that too on a DNS service provider. In the image you can see the Level 3 outage map during the attack. For a full list of affected services check out 


More attacks using built-in admin languages and tools 

According to Sophos, more exploits based on PowerShell, Microsoft's language for automating administrative tasks, are emerging every day. As a scripting language, PowerShell evades countermeasures focused on executables. Attacks using penetration testing and other administrative tools that may already exist on the network are also on the rise. These tools need not be infiltrated, and may not be suspected. Such powerful tools require equally strong controls.


Evolved ransomware 

Users are now highly aware of the risk of ransomware and malware attacks via email, but that doesn’t mean that criminal elements have given up on the prospects. In fact, newer vectors are being explored to reach the end user. Some are experimenting with malware that reinfects later, long after a ransom is paid, and some are starting to use built-in tools and no executable malware at all to avoid detection by endpoint protection code that focuses on executable files.
Recent examples have offered to decrypt files after the victim shared the ransomware with two friends, and those friends paid to decrypt their files. Ransomware authors are also starting to use techniques other than encryption, for example deleting or corrupting file headers. And finally, with "old" ransomware still floating around the web, users may fall victim to attacks that can't be "cured" because payment locations no longer work.

Image Credits: SophosLabs 


Personal IoT attacks

Apart from being used in botnet-like attacks for the numbers, IoT devices are also perfect targets for another type of attack - a personal attack on your home network and the devices connected to it. To begin with, it may not matter to you that someone has hijacked your garage video feed. But once an attacker manages to own a device, they can use it to get to other devices in the network, like your laptop, smartphone etc.


Rising focus on exploits against virtualized and cloud systems

Attacks against physical hardware (e.g. Rowhammer) raise the possibility of dangerous new exploits against virtualized cloud systems. Attackers might abuse the host or other guests running on a shared host, attack privilege models, and conceivably access others' data. And, as Docker and the entire container (or ‘serverless’) ecosystem become more popular, attackers will increasingly seek to discover and exploit vulnerabilities in this relatively new trend in computing. We expect active attempts to operationalize such attacks. A significant example of this type of attack is the DROWN attack, which can affect all types of servers that offer services encrypted with TLS yet still support SSLv2, provided they share the same public key credentials between the two protocols.
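The DROWN precondition described above (a TLS service sharing its public key with anything that still accepts SSLv2) can be audited across a scan inventory. This is an added example, not part of the original article or from Sophos; the inventory entries, hostnames and key fingerprints are constructed, and `drown_exposure` is a hypothetical helper name.

```python
from collections import defaultdict

# Constructed scan inventory (not real hosts): each entry lists the protocols
# a service accepts and a fingerprint of the public key in its certificate.
INVENTORY = [
    {"service": "www.example.test:443", "protocols": {"TLSv1.2"}, "key_fp": "key-A"},
    {"service": "mail.example.test:25", "protocols": {"SSLv2", "TLSv1.0"}, "key_fp": "key-A"},
    {"service": "api.example.test:443", "protocols": {"TLSv1.2"}, "key_fp": "key-B"},
    {"service": "legacy.example.test:443", "protocols": {"SSLv2", "TLSv1.0"}, "key_fp": "key-C"},
]


def drown_exposure(inventory):
    """Return {service: reason} for every service whose key is reachable via SSLv2."""
    # Group services by public key, because the exposure follows the key,
    # not the individual host or port.
    by_key = defaultdict(list)
    for entry in inventory:
        by_key[entry["key_fp"]].append(entry)

    findings = {}
    for entries in by_key.values():
        sslv2_services = sorted(
            e["service"] for e in entries if "SSLv2" in e["protocols"]
        )
        if not sslv2_services:
            continue  # this key is never offered over SSLv2
        for e in entries:
            if "SSLv2" in e["protocols"]:
                findings[e["service"]] = "offers SSLv2 itself"
            else:
                # A TLS-only service is still exposed through the shared key.
                findings[e["service"]] = (
                    "shares key with SSLv2 service(s): " + ", ".join(sslv2_services)
                )
    return findings


if __name__ == "__main__":
    for service, reason in sorted(drown_exposure(INVENTORY).items()):
        print(f"{service}: {reason}")
```

The TLS-only web server is flagged because its key is also presented by the mail service that accepts SSLv2; remediation is to disable SSLv2 everywhere that key is used, or to stop sharing the key.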


Too much and too strong encryption

As encryption, the strong kind, becomes available to the general public, it becomes hard to sniff online traffic, and that makes it easier for harmful tasks to be carried out online undetected. To prevent this, security products need to up their game and integrate tightly with the networking side of things.